Re: ECC in OpenPGP

Andrey Jivsov <> Thu, 02 September 2010 21:27 UTC

Received: from (localhost []) by (8.14.4/8.14.3) with ESMTP id o82LRTLG065020 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 2 Sep 2010 14:27:29 -0700 (MST) (envelope-from
Received: (from majordom@localhost) by (8.14.4/8.13.5/Submit) id o82LRTjk065019; Thu, 2 Sep 2010 14:27:29 -0700 (MST) (envelope-from
X-Authentication-Warning: majordom set sender to using -f
Received: from ( []) by (8.14.4/8.14.3) with ESMTP id o82LRPFL065013 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO) for <>; Thu, 2 Sep 2010 14:27:29 -0700 (MST) (envelope-from
Received: from ( []) by (8.12.8/8.12.8) with ESMTP id o82LKRxo020832 for <>; Thu, 2 Sep 2010 17:20:31 -0400
Received: from World by with ESMTP id o82LRIet003268 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO) for <>; Thu, 2 Sep 2010 14:27:19 -0700
Message-ID: <>
Date: Thu, 02 Sep 2010 14:25:37 -0700
From: Andrey Jivsov <>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv: Gecko/20100806 Fedora/3.1.2-1.fc13 Lightning/1.0b2pre Thunderbird/3.1.2
MIME-Version: 1.0
CC: OpenPGP Working Group <>
Subject: Re: ECC in OpenPGP
References: <> <> <> <> <> <> <> <>
In-Reply-To: <>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Precedence: bulk
List-Archive: <>
List-Unsubscribe: <>
List-ID: <>

  To rephrase what Jon, said, it makes no sense to set AES 256 as first 
preferred cipher in 2048 RSA PGP key preference lists, as is commonly 
done (example: default in gpg2 --gen-key). Also note that mentioned 
2Kbyte field is per recipient in each of encrypted messages. The pref. 
change is a practical method to save CPU time without sacrificing security.

NIST is working on SP 800 131, in which RSA 2048 is the minimum allowed 
algorithm, corresponding to 110 bit security. The document suggests to 
disallow PKCS#1.5 padding after 2013. If we are going to address this, 
it makes sense to do such a significant change together along with ECC, 
as specified in

The importance of ECC raises if you believe that future computing 
environment will be more diverse and shift more toward weak mobile 
devices. Whether or not you believe in ascent of quantum computers, why 
not get that number of Q-bits higher anyway.